Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
176
Views
0
Helpful
1
Replies

VACL on 6500 not block packet to control plane

Oleg Volkov
Spotlight
Spotlight

‎03-30-2018 04:50 AM - edited ‎03-08-2019 02:27 PM

Hello!

I have Sup2T with 12.2(50r)SYS3 IOS.

Why VACL

(sh vlan filter vlan 2
Vlan 2 has filter MANAGEMENT_VACL2.
filter is active)

Works as expected except one situation:
I can not ping any devices in VLAN 2 from denyed net, except SVI VLAN2.
I think VACL filter do not applyed to control plane. It is true?
And what I can modyfy filter to block packet from denyed network to VLAN2 SVI too?
Thank You

 

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
Labels:
0 Helpful
1 Reply 1

gs.skills
Level 1
Level 1

‎03-30-2018 06:58 AM

Hello,
SVI is a Layer 3 interface, i guess if the traffic do not flow throw the vlan (routed traffic), it cannot be filtered with a vlan accesp-map
My solution:
Apply an ACL on the vlan SVI: ip access group ... in
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card